CVE-2021-20233

HIGH

GRUB2 < 2.06 - Out-of-bounds Write via Menu Rendering

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-20233. PoCs published by pauljrowland.

AI-analyzed exploit summary This PowerShell script remediates the BootHole vulnerability (CVE-2020-25632) by downloading and applying the latest Secure Boot DBX revocation list to invalidate vulnerable modules. It automates the process of fetching the necessary files and updating the UEFI configuration.

Description

A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Exploits (1)

nomisec WORKING POC
by pauljrowland · poc
https://github.com/pauljrowland/BootHoleFix

This PowerShell script remediates the BootHole vulnerability (CVE-2020-25632) by downloading and applying the latest Secure Boot DBX revocation list to invalidate vulnerable modules. It automates the process of fetching the necessary files and updating the UEFI configuration.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Secure Boot (UEFI)
Auth required
Prerequisites: Administrative privileges · Internet access to download required files
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1926263
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-05
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220325-0001/

Scores

CVSS v3 8.2
EPSS 0.0061
EPSS Percentile 44.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (20)
fedoraproject/fedora 33
fedoraproject/fedora 34
gnu/grub2 < 2.06
netapp/ontap_select_deploy_administration_utility
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
redhat/enterprise_linux_server_aus 7.2
redhat/enterprise_linux_server_aus 7.3
redhat/enterprise_linux_server_aus 7.4
redhat/enterprise_linux_server_aus 7.6
... and 10 more
Published Mar 03, 2021
Tracked Since Feb 18, 2026